Crypto exchange Bitfinex suffered a hack attack in 2016 due to a failure to implement operational, financial, and technological controls proposed by BitGo, OCCRP has learned, citing a copy of a report by Ledger Labs, which was responsible for the investigation.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
Although OCCRP admits it was unable to verify the findings, but Bitfinex "did not dispute the report was authentic." As per details, Bitfinex stored two of three keys needed to transfer crypto from the exchange on the same device. The hacker compromised the device and with the keys quickly raised the daily limit on the number of transactions to drain as much crypto as possible.
The report noted that security tokens generated by the keys were associated with a generic "admin" email address and another linked to "giancarlo," which was controlled by Bitfinex CFO, Giancarlo Devasini. It's unclear if the device was controlled by Devasini or "admin." It's also unclear how exactly the hacker managed to identify the device and attack it.
Ledger Labs believes the hack likely originated in Poland, citing a detailed analysis of source IP addresses.
Bitfinex was hacked in August 2016. The attack resulted in a loss of 119,756 BTC, worth about $72 million at the time. In February 2022, the FBI arrested Russian Ilya Lichtenstein and Heather Morgan in Manhattan on charges of laundering cryptocurrency stolen from Bitfinex. As part of the operation, the FBI seized over $3.6 billion in cryptocurrency.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange